Commercial Ventures: U.S. District Court holds that Insured’s Co-Owner and President is not an “Employee” under Crime Policy

By David S. Wilson and Chris McKibbin

Several recent decisions, such as Telamon Corporation v. Charter Oak Fire Insurance Company (see our March 13, 2017 post), have highlighted the importance of assessing the precise legal status of an alleged defaulter’s work relationship vis-à-vis the insured as part of a proper coverage analysis. The decision of the U.S. District Court for the Central District of California in Commercial Ventures, Inc. v. Scottsdale Insurance Company provides another example of the courts considering this challenging issue. In Commercial Ventures, the Court dealt with an alleged defaulter who was both a minority owner and the President of the insured, and specifically addressed whether contingent ownership distributions constituted “salary, wages or commissions” within the crime coverage’s definition of “Employee”.

The Facts

Commercial Ventures had two affiliated companies, Noblita, LLC (“Noblita”), which operated an apparel business, and Daylight Investors, LLC (“Daylight”), which owned 49 per cent of Noblita. Rik Guido personally owned another 49 per cent of Noblita, and was also its President. As an owner of Noblita, Guido was entitled to receive $27,500 per month, but only under certain conditions.

Noblita’s Limited Liability Company Operating Agreement (the “Operating Agreement”) defined Guido’s compensation as follows:

Mr. Guido will not be paid for such services [as President], but so long as (1) he is President of the Company and rendering his full time services to the Company (and in compliance with the terms of this Agreement) and (2) the company has adequate monies, Mr. Guido will receive a Distribution of twenty–seven thousand five hundred dollars ($27,500) per month.

The Operating Agreement defined “Distribution” as “the transfer of money or property by [Noblita] to one or more Members without separate consideration.”

In November 2013, Daylight sued Guido in state court, alleging that Guido participated in a fraudulent scheme whereby he transferred money and inventory from Noblita to a Florida-based company in which he had an ownership interest.

Commercial Ventures maintained a Business Management Indemnity Policy with Scottsdale, under which both Noblita and Daylight were additional insureds. The policy’s crime coverage included coverage for employee theft. Daylight notified Scottsdale of a potential employee theft loss arising from Guido’s alleged actions.

Scottsdale inquired as to the nature of Guido’s role with Noblita. Noblita’s controller advised that Guido was not entitled to take any distribution from Noblita unless the company had adequate monies or was profitable. The controller added that, during the majority of the months in which Guido worked for Noblita, it had negative operations and Guido was therefore not entitled to any distribution.

In Scottsdale’s view, Guido was a non-salaried member of Noblita, and was therefore not an “Employee” within the meaning of the crime coverage.

The Employee Theft Coverage

Scottsdale moved for summary judgment before the District Court on this issue. The crime coverage defined “Employee” as:

Any natural person while in the services of the Insured, including sixty (60) days after termination of service; provided the Insured:

i. compensates such person directly by salary, wages or commissions; and

 ii. has the right to direct and control such person while performing services for the Insured.

 The parties’ dispute centred on whether Guido’s contingent compensation constituted “salary, wages or commissions”. Commercial Ventures asserted that, because the crime coverage did not define the terms “salary, wages or commissions”, the terms were ambiguous. The Court considered dictionary definitions of those terms:

Salary

  • fixed compensation paid regularly for services.”
  • [a]n agreed compensation for services—esp. professional or semiprofessional services usu. Paid at regular intervals on a yearly basis, as distinguished from an hourly basis.”

Wage

  • a payment usually of money for labor or services usually according to contract and on an hourly, daily, or piecework basis.”
  • [p]ayment for labor or services, usu. Based on time worked or quantity produced; specif., compensation of an employee based on time worked or output of production.”

Commission

  • a fee paid to an agent or employee for transacting a piece of business or performing a service.”
  • [a] fee paid to an agent or employee for a particular transaction, usu. as a percentage of the money received from the transaction.”

The Court noted that the parties were in agreement that “salary, wages or commissions” constituted compensation for a person’s services, and held that:

… the Court finds that the definition of “employee” is unambiguous as it is clearly defined in the policy. In addition, “salary, wages or commissions” — words used to define “employee” — are not ambiguous as they are only subject to one interpretation in this case as well. Therefore, the issue becomes solely whether there is a triable issue of fact as to whether Plaintiff paid Mr. Guido for his services, in turn, meaning whether he was paid “salary, wages, or commissions.” [citations omitted]

The Court then considered whether Guido’s contingent compensation under the Operating Agreement could be considered “salary, wages or commissions”. The Court observed that accepting the insured’s arguments on this issue would entail that the definition of “Distribution”, which specifically indicated that distributions were made “without separate consideration”, would be meaningless, as would the provision stipulating that “Mr. Guido will not be paid for” his services as President. In accepting Scottsdale’s view, by contrast:

… the Court may give these provisions their plain meaning and may still read the Operating Agreement as a cohesive whole. In other words, in the Court’s view, it appears that the parties, as reflected in the Operating Agreement, intended to appoint Mr. Guido as President of Noblita and to provide him with ownership distributions. The Operating Agreement did not intend, however, to compensate Mr. Guido for his services as President; rather, it compensates him in his role as an owner through distributions only. Though the Operating Agreement indicates that Mr. Guido is entitled to his owner distributions only so long as he served as President, this does not mean that his owner distributions are intended to compensate him for his services. [emphasis added]

Consequently, Guido was not an “Employee” and no indemnity was available.

Conclusion

Although the decision is based on the interpretation of the specific contract between Noblita and Guido, Commercial Ventures provides general guidance as to the proper interpretation of the definition of “Employee” found in many crime coverages, as well as the meaning of the specific terms “salary, wages or commissions”. The Court rejected the insured’s contention that these terms were ambiguous, and found that ownership distributions did not fall within their ambit. The interpretive approach adopted in Commercial Ventures will be of assistance to fidelity claims professionals in assessing whether individuals who maintain both ownership and other roles within an insured come within the definition of “Employee”.

Commercial Ventures, Inc. v. Scottsdale Insurance Company, 2017 WL 1196462 (C.D. Cal.)

Leave a comment

Filed under Employee Theft

Taylor & Lieberman: Ninth Circuit finds No Coverage under Crime Policy for Client Funds lost in Social Engineering Fraud

By David S. Wilson and Chris McKibbin

In the recent decision of Taylor & Lieberman v. Federal Insurance Company, the Ninth Circuit Court of Appeals affirmed a decision of the U.S. District Court for the Central District of California holding that a business management firm did not have coverage in respect of client funds which it was fraudulently induced to wire overseas.

While the District Court had held that the insured had failed to establish that it had sustained any “direct” loss at all (see our July 14, 2015 post), the Ninth Circuit affirmed the result on other grounds, holding that the insured had also failed to establish that the loss came within the substantive requirements of any of the Forgery, Computer Fraud or Funds Transfer Fraud insuring agreements.

The Facts

Taylor & Lieberman (“T&L”) was an accounting firm which also performed business management and account oversight services for various clients, including the client in issue. Clients’ funds were held in separate bank accounts maintained with City National Bank. Clients granted Powers of Attorney over their accounts to a designated individual at T&L, permitting transactions to be made in the accounts.

A fraudster obtained access to the client’s email account and sent two emails from that account to a T&L employee, as follows:

  • The first email directed the employee to wire $94,280 to an account in Malaysia. The employee did so, and then sent a confirming email to the client’s email account.
  • The next day, the employee received another email from the client’s account directing her to wire $98,485 to an account in Singapore. The employee again complied, and again sent a confirming email to the client’s email account.

The employee then received a third email, purportedly from the client, but sent from a different email address. The employee contacted the client by phone, and discovered that all three emails were fraudulent. T&L was able to recover some of the funds, but had to reimburse its client and incurred a net loss of nearly $100,000.

T&L submitted a claim under each of its Forgery Coverage, its Computer Fraud Coverage and its Funds Transfer Fraud Coverage. The District Court held that each of these coverages required “direct loss sustained by an Insured” and that, as a matter of law, no direct loss had been sustained.

On appeal, the Ninth Circuit did not disturb the finding with respect to direct loss, but affirmed the result on the basis that T&L had failed to establish that the loss came within the scope of any of the insuring agreements.

The Forgery Coverage

The Ninth Circuit quickly dismissed T&L’s contention that this insuring agreement’s requirement of a “Forgery or alteration of a financial instrument” did not require proof of a “Forgery” of a financial instrument, because the insuring agreement required only proof of an alteration of a financial instrument or a free-standing “Forgery” of any document, of any type. The Court held that the insuring agreement plainly required either a “Forgery” or an alteration of a financial instrument.

More substantively, the Court rejected T&L’s contention that the emails to T&L were financial instruments:

Here, the emails instructing T&L to wire money were not financial instruments, like checks, drafts, or the like. See Vons Cos., Inc. v. Fed. Ins. Co. … (C.D. Cal. 1998) (holding that wire instructions, invoices, and purchase orders were not “documents of the same type and effect as checks and drafts.”). And even if the emails were considered equivalent to checks or drafts, they were not “made, drawn by, or drawn upon” T&L, the insured. Rather, they simply directed T&L to wire money from T&L’s client’s account. In sum, there is no forgery coverage.

The Computer Fraud Coverage

The Computer Fraud insuring agreement required T&L to demonstrate “an unauthorized (1) “entry into” its computer system, and (2) “introduction of instructions” that “propogate[d] themselves” through its computer system.” The Court held that the sending of an email, without more, did not constitute an unauthorized entry into T&L’s computer system. Further, the emails were not an unauthorized introduction of instructions that propagated themselves through T&L’s computer system:

The emails instructed T&L to effectuate certain wire transfers. However, under a common sense reading of the policy, these are not the type of instructions that the policy was designed to cover, like the introduction of malicious computer code. … Additionally, the instructions did not, as in the case of a virus, propagate themselves throughout T&L’s computer system; rather, they were simply part of the text of three emails.

The Funds Transfer Fraud Coverage

The Funds Transfer Fraud insuring agreement indemnified against:

fraudulent written, electronic, telegraphic, cable, teletype or telephone instructions issued to a financial institution directing such institution to transfer, pay or deliver Money or Securities from any account maintained by an Insured Organization at such Institution, without an Insured Organization’s knowledge or consent.

The Court held that the requirements of the insuring agreement were not met:

This coverage is inapplicable because T&L requested and knew about the wire transfers. After receiving the fraudulent emails, T&L directed its client’s bank to wire the funds. T&L then sent emails confirming the transfers to its client’s email address. Although T&L did not know that the emailed instructions were fraudulent, it did know about the wire transfers.

Moreover, T&L’s receipt of the emails from its client’s account does not trigger coverage because T&L is not a financial institution.

As a result, there was no coverage available under the Federal policy.

Conclusion

Following the Fifth Circuit’s decision in Apache (see our October 24, 2016 post), the Ninth Circuit’s decision in Taylor & Lieberman provides another example of a clear trend on the part of the courts to refuse to find coverage for social engineering fraud losses under the “traditional” crime policy coverages (typically, computer fraud and funds transfer fraud coverages, but occasionally, as here, other coverages as well). The proliferation of social engineering frauds has created a new exposure for insureds, and fidelity insurers have responded by creating discrete social engineering fraud coverages. Like Apache, Taylor & Lieberman serves as a cautionary tale to businesses (and to their brokers) of how a business may be exposed to an uninsured loss in the event that it does not maintain such coverage.

Taylor & Lieberman v. Federal Insurance Company, 2017 WL 929211 (9th Cir.)

Leave a comment

Filed under Computer Fraud, Direct Loss, Forgery, Funds Transfer Fraud, Social Engineering Fraud

InComm: U.S. District Court holds that Computer Fraud Coverage does not respond in Prepaid Debit Card Scheme

By David S. Wilson, John Tomaine and Chris McKibbin

On March 16, 2017, the U.S. District Court for the Northern District of Georgia released its decision in InComm Holdings, Inc. v. Great American Insurance Company. The Court held that Great American’s computer fraud coverage did not respond where holders of prepaid debit cards used multiple simultaneous telephone calls to exploit a coding error in the insured’s computer system, thereby fraudulently increasing the balances on the cards. The Court also applied the recent appellate decisions in Apache (see our October 24, 2016 post) and Pestmaster (see our August 4, 2016 post) in holding that the loss scenario did not meet the direct loss requirement in the computer fraud insuring agreement.

The Facts

InComm was a debit card processor. Individuals could purchase prepaid debit cards issued by banks and then utilize InComm’s system to load funds onto those cards. InComm’s processing system consisted of an Interactive Voice Response (IVR) system and an Application Processing System (APS). The IVR system permitted cardholders, using telephone voice commands or touchtone codes, to load credit onto their cards. The APS provided transaction processing in respect of transaction instructions received through the IVR system. After the APS carried out the requested instruction, it would communicate the result to the IVR system, which would then report the result to the cardholder.

To add value to a card, a cardholder could purchase a chit from a retailer, which would then relay the funds to InComm by transferring them to an account maintained by InComm with Wells Fargo. To redeem the chit, the cardholder would call the IVR system and provide the unique PIN printed on the chit. The IVR system would then relay the information to the APS, which would verify the data and then add the value of the chit to the card.

After a chit is redeemed, InComm transfers the equivalent amount of funds to the bank that issued the card. The funds are then maintained by the issuing bank for the benefit of the cardholder until the cardholder makes a purchase, at which point the issuing bank remits funds to the vendor. InComm is not involved in payments by banks to vendors.

InComm contracted with Bancorp to serve as program manager for cards issued by Bancorp. When a Bancorp cardholder redeemed a chit, InComm would transfer the equivalent dollar amount from its Wells Fargo account to a special settlement account held at Bancorp in Bancorp’s name. The InComm-Bancorp contract provided that “[Bancorp] shall hold all Cardholder Balances in a fiduciary or custodial manner on behalf of [InComm] as holder[ ] of the Cardholder Balances for the benefit of Cardholders” and that “all Cardholder Balances shall be held in trust for the benefit of the Cardholders”.

For a period of several months in 2013 and 2014, there was a coding error in the IVR system which permitted a chit to be redeemed multiple times. Cardholders could exploit the coding error by making multiple simultaneous telephone calls to the IVR system, redeeming their chit multiple times, and obtaining multiples of the value of the chits, which were then used by the cardholders to make purchases. As a result of the misuse of the IVR system, InComm wired $10,769,039 to Bancorp in connection with these fraudulent transactions. Bancorp transmitted most of these funds to vendors, but currently retains $1,880,769 of the wrongfully-redeemed funds in its trust account.

The Computer Fraud Coverage

InComm submitted a claim under its computer fraud coverage, which provided that Great American would:

… pay for loss of, and loss from damage to, money, securities and other property resulting directly from the use of any computer to fraudulently cause a transfer of that property from inside the premises or banking premises:

a. to a person (other than a messenger) outside those premises; or

b. to a place outside those premises.

Great American reasoned that the cardholders had not engaged in computer fraud within the meaning of the policy, as they had utilized telephones, not computers, to make the calls. Great American also took the view that any loss to InComm was not a loss “resulting directly” from computer fraud. The Court accepted Great American’s position on both issues.

Relying on the Ninth Circuit’s recent Pestmaster decision, the Court held that the cardholders’ telephone usage could not be construed as the “use” of a computer, notwithstanding that their telephones were ultimately communicating with a computer system:

Use” also is not defined in the Policy. The word commonly is defined as to “take, hold, or deploy (something) as a means of accomplishing or achieving something; … A person thus “uses” a computer where he takes, holds or employs it to accomplish something. That a computer was somehow involved in a loss does not establish that the wrongdoer “used” a computer to cause the loss. To hold so would unreasonably expand the scope of the Computer Fraud Provision, which limits coverage to “computer fraud.” Cf. Pestmaster … (“Because computers are used in almost every business transaction, reading [a computer fraud insurance policy] provision to cover all transfers that involve both a computer and fraud at some point in the transaction would convert this Crime Policy into a ‘General Fraud’ Policy.”). It also would violate the Court’s obligation to read the Policy “as a layman would read it and not as it might be analyzed by an insurance expert or an attorney.” … Lawyerly arguments for expanding coverage to include losses involving a computer engaged at any point in the causal chain — between the perpetrators’ conduct and the loss — unreasonably strain the ordinary understanding of “computer fraud” and “use of a[ ] computer”. …

 The Policy does not cover InComm’s losses resulting from the unauthorized redemptions, because the cardholders used telephones, not computers, to perpetrate their scheme. [emphasis added]

Direct Loss

The Court also held that InComm had not established that it had sustained a loss “resulting directly” from the cardholders’ conduct. The Court observed that, under the terms of InComm’s contract with Bancorp, InComm retained an interest, as trustee, in the funds so long as they continued to be held by Bancorp. Consequently, a transfer from InComm’s Wells Fargo account to Bancorp was not itself a loss. The earliest that a loss could occur was when funds were paid out by Bancorp to vendors to settle the cardholders’ expenditure of the fraudulently-redeemed chits.

The Court continued:

This conclusion is underscored by the fact that funds wired to Bancorp, as a result of the fraudulent chit redemptions, are still in the Bancorp Account almost three years after the chits were wrongfully redeemed. That is, these funds have not been lost. InComm’s loss thus did not result “directly” from the fraudulent redemptions, because it occurred only after InComm wired money to Bancorp, after the cardholder used his card to pay for a transaction, and after Bancorp paid the seller for the cardholder’s transaction. … The losses here did not occur when funds were sent to Bancorp’s premises. They occurred when funds were sent, by Bancorp, to the premises or accounts of merchants from which cardholders purchased goods or services. [emphasis added]

The Court also observed that, even if the loss had occurred earlier in the process (i.e., when the funds left Wells Fargo), the loss still did not result directly from the chit redemptions. Great American pointed out that those fraudulent redemptions did not automatically transfer funds to issuers like Bancorp. A redemption did not reduce the available assets in InComm’s hands; instead, a redemption only triggered InComm’s contractual obligation to an issuer to fund the redemption.

The Court agreed. Relying on Pestmaster and Apache, the Court held that:

… InComm’s loss resulted directly — that is, immediately — from InComm’s decision to wire the funds to Bancorp, not from the cardholders’ redemptions. Apache, and the cases it discusses, warn that to find coverage based on the use of a computer, without a specific and immediate connection to a transfer, would effectively convert a computer fraud provision into a general fraud provision. … To accept InComm’s argument that the cardholders’ fraudulent redemptions resulted directly in the transfer of funds from InComm to Bancorp — where InComm itself chose to make the transfer — would violate the admonition in Apache and the other cases addressing computer fraud coverage.

The computer fraud insuring agreement in InComm’s policy is identical to the one at issue in Apache. Apache involved a social engineering fraud where someone impersonating a representative of Apache’s vendor sent “new” bank information to Apache via email, resulting in invoice payments being misdirected. In that case, the Fifth Circuit pointedly used language to lay the loss at the feet of the insured:

Doubtless, had the confirmation call been properly directed, or had Apache performed a more thorough investigation, it would never have changed the vendor-payment account information. Moreover, Apache changed the account information, and the transfers of money to the fraudulent account were initiated by Apache to pay legitimate invoices … Arguably, Apache invited the computer-use at issue, through which it now seeks shelter under its policy, even though the computer-use was but one step in Apache’s multi-step, but flawed, process that ended in its making required and authorized, very large invoice-payments, but to a fraudulent bank account.  

Similarly, the Court in InComm noted that:

InComm chose to wire funds to Bancorp because it was contractually required to do so and because, despite any reconciliation or verification process it had in place, it believed the redemptions were legitimate.

Then, borrowing language from Apache, the Court stated:

As in Apache, “the authorized transfer was made to the [Bancorp] account only because, after receiving [notice of the duplicate chit redemptions], [InComm] failed to investigate accurately new, but fraudulent, information provided to it.” [emphasis added].

Not only did the Apache and InComm courts refuse to find an “immediate” relationship between the alleged conduct and the claimed losses, they each observed that investigatory lapses on the part of the insureds could be considered intervening and superseding causes of their losses.

Conclusion

Although it arises from a rather complicated set of facts and legal relationships, InComm provides helpful general guidance on both the “use of a computer” and the “direct loss” requirements found in computer fraud insuring agreements.

The courts in Apache and Pestmaster recognized that computers are involved in virtually every business transaction, and that interpreting computer fraud coverage to cover every loss that involves both a computer and fraud at some point in the transaction would turn such coverage into a “general fraud policy”. The Court in InComm built on this insight by interpreting “the use of any computer to fraudulently cause a transfer” to require the fraudster’s use of a computer, not the use of a telephone to interact with the insured’s computer.

Further, the Court implicitly applied a “direct means direct” causation approach in finding that the loss was not one resulting directly from the cardholders’ conduct. This is underscored by the Court’s requiring a “specific and immediate connection” between the conduct and the loss, which could not be established, given the intervening steps which occurred here.

[Editors’ Note: Our guest co-author, John Tomaine, is the owner of John J. Tomaine LLC, a fidelity insurance and civil mediation consultancy in New Jersey.  After over thirty-one years with the Chubb Group of Insurance Companies, he retired as a Vice President in 2009.  He is an attorney admitted in Connecticut and New Jersey, and holds a Master’s Degree in Diplomacy and International Relations.  He is available to serve as an expert witness in fidelity claim litigation and to consult on fidelity claim and underwriting matters.]

InComm Holdings, Inc. v. Great American Insurance Company, 2017 WL 1021749 (N.D. Ga.)

Leave a comment

Filed under Computer Fraud, Direct Loss

Telamon: Seventh Circuit finds Insured’s Vice-President to be Independent Contractor falling outside Crime Policy’s Employee Theft Coverage

By David S. Wilson and Chris McKibbin

On March 9, 2017, the Seventh Circuit Court of Appeals released its decision in Telamon Corporation v. Charter Oak Fire Insurance Company. The decision affirms the ruling of the U.S. District Court for the Southern District of Indiana, which had held that the insured’s Vice-President of Major Accounts was not an “employee” within the meaning of a crime policy, as her services were provided to the insured by an outside entity pursuant to a series of consulting services agreements (see our April 25, 2016 post for more detail).

The Facts

Juanita Berry worked for Telamon from 2005 to 2011. Her work was governed by a series of Consulting Services Agreements (the “Agreements”) between Telamon and J. Starr Communications, Berry’s one-woman company through which she provided her services. The terms of the Agreements remained largely unchanged during Berry’s six-year association with Telamon. Her role did not. Berry’s responsibilities expanded well beyond those described in the Agreements, and she eventually became Telamon’s Vice-President of Major Accounts, making her the company’s senior manager in the New York and New Jersey region.

In that capacity, Berry oversaw Telamon’s AT&T Asset Recovery Program, which was supposed to remove old telecommunications equipment from AT&T sites and sell it to salvagers. Berry removed the equipment and sold it, but she pocketed the profits. By the time that Telamon discovered this conduct in 2011, it had incurred $5.2 million in losses. Telamon fired Berry and she was later convicted of wire fraud and tax evasion.

The Employee Theft Coverage

Telamon submitted a claim under its Travelers Wrap+ crime policy and, separately, to its property insurer, Charter Oak. Travelers concluded that there was no coverage available under the crime policy in respect of Berry’s conduct because Berry was not an employee within the meaning of the policy. The relevant portions of the definition provided that:

Employee means …

 any natural person . . . who is leased to the Insured under a written agreement between the Insured and a labor leasing firm, while that person is subject to the Insured’s direction and control and performing services for the Insured. …

 Employee does not mean

 any … independent contractor or representative or other person of the same general character not specified in paragraphs 1. through 5., above.

Travelers reasoned that the Agreements made it clear that Berry worked as an independent contractor, and that J. Starr could not reasonably be considered to be a labour leasing firm. Telamon disputed Travelers’ position, contending that J. Starr was a labour leasing firm because it had provided Berry’s consulting services to Telamon in exchange for payments; as Berry was a “leased employee”, the exception for independent contractors could not apply. The District Court accepted Travelers’ position and granted summary judgment dismissing the claim. Telamon appealed.

Before the Seventh Circuit, Telamon asserted that the plain meaning of a “labor leasing firm” is a company “in the business of placing its employees at client companies for varying lengths of time in exchange for a fee”; in Telamon’s view, all that it needed to demonstrate was that J. Starr was a business concern that sold another person’s work for a specified time and for a specified fee.

The Seventh Circuit held that, even accepting that definition, J. Starr could not reasonably come within it:

We will accept that definition for purposes of this opinion. Yet even so, we cannot conclude that J. Starr meets it. It is true that the Agreements were contracts between Telamon and J. Starr under which the former obtained the right to Berry’s labor. But J. Starr was not a firm in the business of leasing labor; it was just Berry’s vehicle for providing her own services. To classify her corporate alter ego as a “labor leasing firm” would be to elevate form over substance.

 The cases Telamon cites to support its position underscore our point. The “labor leasing firm” in Pacific Employers had multiple branches and specialized “in providing industrial clients with daily workers.” … Similarly, the firm in Torres “hire[d] individuals and place[d] them with client companies for varying lengths of time,” including at least six with the company litigating its insurance coverage. … There is no way to squeeze J. Starr into the same box. Berry’s company was a legal convenience, and nothing more. Because it was not a “labor leasing firm,” she was not an “Employee” for purposes of the Travelers policy. [citations omitted]

Consequently, no coverage was available under the Travelers policy.

Conclusion

Telamon provides useful appellate guidance on the employee-independent contractor distinction found in most crime policies. The Seventh Circuit’s decision reinforces the importance of assessing whether an alleged defaulter comes within the definition of “Employee” in a theft claim. In this case, Berry was held out by Telamon as a Vice-President and exercised considerable power over Telamon’s operations and personnel, but performed these duties as an independent contractor. With more work relationships moving away from the traditional employee-employer model, fidelity claims professionals must ensure that the precise legal status of the alleged defaulter’s work relationship vis-à-vis the insured is established as part of the coverage analysis.

Telamon also provides specific guidance with respect to the meaning of “labor leasing firm” and, arguably, similar terms used in other fidelity coverages. Although J. Starr did, in the narrowest and most technical sense, supply its (only) worker to another company for payment, the Court rejected Telamon’s attempts to characterize J. Starr as a labour leasing firm, even accepting Telamon’s proposed definition of the term for the purposes of the analysis. This finding is of assistance to fidelity claims professionals who must address creative arguments which attempt to bring similarly-situated workers within the definition of “Employee”.

Telamon Corporation v. Charter Oak Fire Insurance Company, 2017 WL 942656 (7th Cir.)

Leave a comment

Filed under Employee Theft

Citizens Bank: U.S. District Court rejects contra proferentem reading of Financial Institution Bond in finding No Coverage for Forged USDA Guarantees

By David S. Wilson and Chris McKibbin

On November 16, 2016, the U.S. District Court for the Eastern District of Wisconsin released its decision in Citizens Bank Holding Inc. v. Atlantic Specialty Insurance Co. The Court held that forged business loan guarantees purportedly issued by the U.S. Department of Agriculture (USDA) did not qualify for indemnity under Insuring Agreements D or E of a Financial Institution Bond. The decision is notable in that it reaffirms the interpretive principle that the Bond is not to be interpreted contra proferentem, as it is a product of negotiation between the banking and fidelity insurance industries.

The Facts

Citizens Bank maintained an investment advisory agreement with Pennant Management, Inc. (“Pennant”), a company engaged in acquiring USDA-guaranteed loans on behalf of community banks. Pursuant to this agreement, Citizens Bank began purchasing shares in loan pools administered by Pennant.

In 2013, Pennant entered into a master repurchase agreement with First Farmers Financial LLC (“First Farmers”), a company approved by the USDA as an eligible lender for certain USDA loans. Under the terms of the master repurchase agreement, Pennant, on behalf of its clients, agreed to purchase from First Farmers guaranteed portions of USDA loans and supporting agreements, documents, and instruments, including USDA-issued Assignment Guarantee Agreements (AGAs).

Beginning in 2013, Pennant purchased, on behalf of Citizens Bank, 25 USDA-guaranteed loans purportedly originated by First Farmers. Citizens Bank’s investment in the loan pool totaled $15 million. For each loan, Citizens Bank’s custodian received an original USDA AGA that contained an original ink signature purporting to be that of a USDA state director.

In 2014, Pennant discovered that the First Farmers loans were fictitious and that the signatures on the AGAs were forged. The identified borrowers and collateral were fictitious and the CPA who allegedly audited First Farmers did not exist. First Farmers refused Pennant’s request to repurchase the loans it purportedly originated, and the USDA refused Pennant’s demand to honor the AGAs, reasoning that it had not guaranteed any valid loans. As a result, Citizens Bank lost its investment.

The Coverage

Citizens Bank pursued a claim under Insuring Agreements D (Forgery) and E (Securities) of its Bond, and ultimately moved for summary judgment against its insurer, Atlantic. Before the District Court, Citizens Bank contended that certain provisions of the Bond had to be interpreted contra proferentem. The District Court reviewed the principles for interpreting Financial Institution Bonds and rejected Citizens Bank’s contention, applying the principle, recognized since at least Sharp v. FSLIC in 1988, that the contra proferentem rule “generally does not apply where the policy in question is a standard Bankers Blanket Bond, drafted by representatives from both the banking and insurance industries.”

The Court then considered coverage under Insuring Agreement E(1), which indemnified for:

 Loss resulting directly from the Insured having, in good faith, for its own account or for the account of others: … acquired, sold, delivered, or given value, extended credit or assumed liability, on the faith of any original Written document that is a:

 (a)   Certificated Security … [or]

 (g)   corporate, partnership or personal Guarantee …

 which … bears a handwritten signature of any … guarantor … that is a Forgery.

Citizens Bank asserted that the forged AGAs qualified as certificated securities, or as corporate or personal guarantees. Atlantic took the view that the AGAs did not fall within either category of documents.

The Court first determined that the AGAs were not certificated securities. The Bond defined a “Certificated Security” as:

 a share, participation or other interest in property of, or an enterprise of, the issuer or an obligation of the issuer, which is:

 (a)        represented by an instrument issued in bearer or registered form;

 (b)        of a type commonly dealt in on securities exchanges or markets or commonly recognized in any area in which it is issued or dealt in as a medium for investment; and

 (c)        either one of a class or series or by its terms divisible into a class or series of shares.

Citizens Bank contended that an AGA “is a ‘class’ of obligation ‘issued by the USDA’ in ‘registered’ form and ‘commonly recognized’ as a ‘medium of investment’ in the secondary market for USDA guaranteed loans.” Atlantic responded that the Bond defined guarantees and certificated securities separately, and that the documents in issue were self-identified as guarantees. Further, an AGA was not a share, nor was it divisible into shares.

The Court held that a reasonable insured would not expect the AGAs to qualify as certificated securities under the Bond, observing that, while one could try to classify an AGA as a certificated security by separating each of the terms used in defining the document, “such terms must be viewed in context of the Bond as a whole and not in isolation.” As the AGAs were labeled as guarantees, and fit within the definition of “guarantee” used in the Bond, it was not reasonable to accept that the parties intended such documents to also qualify as certificated securities.

The Court then considered whether the AGAs were “corporate, partnership or personal” guarantees. Citizens Bank contended that they represented (i) corporate guarantees, because the USDA acts in a corporate capacity in providing loan guarantees; and (ii) personal guarantees, because the USDA, as a political body, is an artificial “person” akin to a corporation or partnership. The Court rejected these arguments, holding that the USDA is a government agency and not a corporation. As the types of guarantees in Insuring Agreement E(1)(g) expressly included only corporate, partnership or personal guarantees, accepting Citizens Bank’s definition would be “unreasonable as it would render those expressly included terms superfluous.” As a result, the AGAs did not fall within Insuring Agreement E(1).

The Court then considered coverage under Insuring Agreement D, which indemnified for, inter alia, loss resulting directly from forgery of, on, or in any Letter of Credit. “Letter of Credit” was defined as:

 an engagement in writing by a bank or other person made at the request of a customer that the bank or other person will honor drafts or other demands for payment upon compliance with the conditions specified in the Letter of Credit.

Citizens Bank contended that the USDA acted as a “bank” by facilitating the transmission of funds to lenders and borrowers, and also argued that the USDA was an “other person”, on the basis that that term encompassed human beings, corporations and partnerships.

The Court held that the AGAs were not letters of credit:

 The Court finds that a reasonable insured in Citizens Bank’s position would not expect the [AGAs] to qualify as letters of credit under the terms of the Bond. For one, the [AGAs] are labeled as guarantees and clearly fit within the definition of a guarantee as used in the Bond and for which coverage is provided under Insuring Agreement E. That other instruments, for example certificates of deposit, may qualify for coverage under multiple insuring agreements does not mean that a document expressly labeled as a guarantee — a term defined in the Bond — should be treated as an instrument with an entirely different definition.

 Even if the Court were to ignore this unambiguous label, it would nevertheless find that a USDA [AGA] does not satisfy the definition of a letter of credit. … the USDA is neither a “bank” nor an “other person.” [emphasis added]

Conclusion

Citizens Bank is notable for three reasons. First, the holdings by the Court regarding Insuring Agreements D and E(1) will undoubtedly be of interest to fidelity professionals dealing with claims involving government-issued guarantees. Second, the Court expressly reaffirmed the principle that Financial Institution Bonds are not to be interpreted contra proferentem, as they are effectively products of joint authorship.

Third, the Court took a robust approach to interpreting the Bond, exemplified by its observation that:

 This failure of the contracting parties to consider government guarantees explains why Citizens Bank has pressed a highly creative interpretative stratagem, urging a microscopic focus on the dictionary or statutory definitions of individual words. … Such an approach, however, runs contrary to the general rule that interpretation must take into account the whole of the contract.

Citizens Bank militates against an interpretive approach which seeks to generate coverage by “stitching together” definitions of individual words and phrases to try to fit the circumstances of a loss within coverage, and in favour of an approach whereby courts give effect to the wording of the Bond, read as a whole. The latter approach is consistent with the interpretive methodology used by U.S. courts generally, and is expressly mandated by the Supreme Court of Canada as the “primary interpretative approach” to be taken in our country.

Citizens Bank Holding Inc. v. Atlantic Specialty Insurance Co., 15-CV-782 (E.D. Wis. November 16, 2016) [Note: this decision does not appear to be accessible online; please contact us if you would like a copy.]

Leave a comment

Filed under Forgery, Securities Coverage

Hantz Financial Services: Sixth Circuit enforces Suit Limitation Provision in finding No Coverage under Financial Institution Bond

By David S. Wilson and Chris McKibbin

On November 9, 2016, the Sixth Circuit Court of Appeals released its decision in Hantz Financial Services, Inc. v. American International Specialty Lines Insurance Co., affirming the U.S. District Court for the Eastern District of Michigan’s grant of summary judgment in favour of National Union in a claim advanced on a Financial Institution Bond.

As we discussed in our September 29, 2015 post, the District Court held that no coverage was available to the insured, Hantz Financial Services, Inc. (“Hantz”), for losses resulting from its employee’s perpetrating a fraud on its clients, as such losses were indirect. The District Court also suggested that the employee could not, in defrauding the clients, have had the manifest intent to cause a loss to Hantz.

The Sixth Circuit’s decision affirmed the result, but did so on the basis of the expiration of the suit limitation provision contained in General Agreement F of the Bond. The Sixth Circuit’s decision provides a useful reminder of the enforceability of suit limitation provisions in fidelity and crime policies, even where the insurer undertakes significant investigatory steps in the course of assessing the first-party claim.

The Facts

Hantz is a licensed securities broker-dealer that offers clients investment advice. Hantz does not provide its own investment products to clients; instead, it introduces clients to investment products offered by other financial services companies.

Hantz employee Michael Laursen stole more than $2.6 million that Hantz’s clients had provided to him to invest, or to purchase insurance, on their behalves. Initially, Laursen deposited cheques written by clients directly into his personal bank account. Some cheques were written to Laursen directly, while others were made payable to “Hantz Financial Services”, “HFS”, “Hantz” or “Hantz Consulting”. At one point during the course of the fraud, Laursen opened a bank account in the name of “Henary Firearms Service” and directed his clients to write cheques payable to “HFS”, which he then deposited into that account. The fraud came to light in March 2008.

As a result of the fraud, Hantz ended up in litigation with two sets of clients:

  • Bolton Claimants: the Bolton claimants initiated a Financial Industry Regulatory Authority (FINRA) arbitration action against Hantz, which was settled for $600,000 on July 24, 2009.
  • Monroe Claimants: the Monroe claimants initiated a FINRA arbitration action against Hantz and recovered $587,063. A Michigan state court entered judgment confirming the FINRA arbitration award on December 17, 2010; this judgment was affirmed by the Michigan Court of Appeals on January 24, 2012.

Hantz commenced its coverage action against National Union on March 18, 2013.

The National Union Coverage and the Suit Limitation Period

General Agreement F of Hantz’s Financial Institution Bond with National Union provided that, with respect to losses arising from legal proceedings against Hantz:

the Insured may not bring legal proceedings for the recovery of such loss after the expiration of 24 months from the date of such final judgment or settlement.

It will be noted that the trigger for the suit limitation period in General Agreement F of the Bond, drafted specifically to apply to losses resulting from legal proceedings against the insured, is “the date of … final judgment or settlement” in such litigation. Almost invariably, fidelity coverages contain a “general” suit limitation period, which is triggered by the insured’s discovery of the loss. For example, in the 1999 decision of the Supreme Court of Canada in Guarantee Co. of North America v. Gordon Capital Corp., the Court enforced a 24-month suit limitation period which was triggered by the insured’s discovery of “facts which would cause a reasonable person to assume that a loss of a type covered by this bond has been or will be incurred”.

Before the Sixth Circuit, Hantz contended that the suit limitation period in General Agreement F did not apply in respect of the Bolton and Monroe claims. With respect to the Monroe claim, Hantz asserted that the Bond did not define “final judgment” and was therefore ambiguous as to whether it meant the December 17, 2010 judgment from the Michigan state court, or the January 24, 2012 appeal judgment. After reviewing extensive authority, the Court held that:

Accordingly, as a legal term of art, “final judgment” virtually always designates the judgment by a court that determines all the rights and obligations of the parties in a case so that it can be appealed—not a judgment that has been resolved after appeal. Mindful that we must not read ambiguity into contracts where none exists, we do not find Hantz’s proposed construction of the term to be a reasonable alternative interpretation. And no other language that could support its reading of “final judgment” — i.e., words like “appeal,” “exhaust,” “affirm,” or “deny” — appears anywhere in this section of the Bond.

The March 18, 2013 action was initiated subsequent to the expiration of the 24-month suit limitation period following the December 17, 2010 judgment. Accordingly, no coverage was available to Hantz in respect of the Monroe claim.

With respect to the Bolton claim, Hantz took a different approach. Hantz asserted that, as a result of National Union’s thorough investigation of the first-party claim over a period of almost three years, National Union was equitably estopped from relying on the suit limitation period. The Court held that National Union’s investigative steps did not equitably estop it from relying on the suit limitation period:

National Union’s contractual limitations defense survives despite its investigative efforts. No evidence supports Hantz’s argument that National Union “induced” Hantz to believe it would not enforce the limitations clause. Although National Union spent nearly three years investigating Hantz’s claims and requested Hantz’s cooperation throughout the process, it never implied it would waive the contractual limitations provision, nor did it suggest that it would cover the losses. Quite the contrary: National Union’s letters conveyed that the insurer planned to contest coverage, albeit on grounds other than the Bond’s limitations period. …

Even assuming that National Union was responsible for unnecessary delays in the claims investigation process, as Hantz contends, delay alone won’t support a reliance finding. [emphasis added]

As a result, the 24-month suit limitation period was enforceable in respect of the Bolton claim, and had expired prior to the commencement of Hantz’s action.

Conclusion

Hantz Financial Services is notable insofar as it affirms the enforceability of a suit limitation provision on its plain terms. Although the Sixth Circuit was considering General Agreement F of the Financial Institution Bond, there is no reason why the same interpretive approach should not apply to discovery-triggered suit limitation periods; indeed, this was the result in the Supreme Court of Canada’s decision in Gordon Capital.

Hantz Financial Services is also significant in its rejection of the insured’s contention that National Union’s investigative actions gave rise to equitable estoppel precluding reliance on the suit limitation provision. While prudence suggests that an insurer may wish to expressly advert to a suit limitation period in the course of investigating a first-party loss, the Sixth Circuit has rejected the contention that the mere fact of investigating and gathering information, without specifically broaching the suit limitation period, necessarily gives rise to equitable estoppel.

Hantz Financial Services, Inc. v. American International Specialty Lines Insurance Co., 2016 WL 6609544 (6th Cir.)

Leave a comment

Filed under Suit Limitation Provision

Apache Corporation: Fifth Circuit holds that Commercial Crime Policy’s Computer Fraud Coverage does not extend to Social Engineering Fraud Loss

By David S. Wilson and Chris McKibbin

On October 18, 2016, the U.S. Court of Appeals for the Fifth Circuit released its opinion in Apache Corporation v. Great American Insurance Company.  This is one of the first appellate decisions to consider coverage for a social engineering fraud loss under “traditional” commercial crime policy wording since the widespread introduction of social engineering fraud endorsements.  In holding that the loss did not trigger indemnity under the Computer Fraud coverage, the Fifth Circuit adopted the interpretive approach to Computer Fraud coverage taken by the Ninth Circuit in Pestmaster Services v. Travelers (which we discussed in our August 4, 2016 post) and applied it in the context of social engineering fraud.

The Facts

Apache is an oil production company which is headquartered in Texas and which operates internationally.  In March 2013, an Apache employee in Scotland received a call from a person claiming to be a representative of Petrofac, a legitimate vendor of Apache.  The caller instructed the employee to change the bank account information which Apache had on record for Petrofac.  The Apache employee advised that such a change request would not be processed without a formal request on Petrofac letterhead.

A week later, Apache’s accounts payable department received an email from a @petrofacltd.com email address.  Petrofac’s legitimate email domain name is @petrofac.com.  The email advised that Petrofac’s bank account details had changed, and included as an attachment a signed letter on Petrofac letterhead setting out the old and new account numbers and requesting that Apache “use the new account with immediate effect.”

An Apache employee called the telephone number on the letterhead and confirmed the authenticity of the change request.  Next, a different Apache employee approved and implemented the change.  A week later, Apache was transferring funds for payment of Petrofac’s invoices to the new bank account.

Within a month, Petrofac advised Apache that it had not received payment of approximately $7 million which Apache had transferred to the new account.  Apache recovered some of the funds, but still incurred a net loss of approximately $2.4 million.

The Computer Fraud Coverage

Apache maintained a Crime Protection Policy with Great American, but it does not appear that the policy included social engineering fraud coverage.  Apache asserted a claim under its Computer Fraud coverage, which provided that:

We will pay for loss of, and loss from damage to, money, securities and other property resulting directly from the use of any computer to fraudulently cause a transfer of that property from inside the premises or banking premises:

 a) to a person (other than a messenger) outside those premises; or

 b) to a place outside those premises.

In Great American’s view, no indemnity was available because the @petrofacltd.com email did not cause the transfers in issue, and because the coverage was limited to losses resulting from hacking and other incidents of unauthorized computer use.

The Fifth Circuit accepted Great American’s position.  Noting that there was no Texas law directly on point, the Court embarked on what it described as a “detailed — but numbing — analysis” of the authorities interpreting the Computer Fraud coverage.  Chief among these was the Ninth Circuit’s recent decision in Pestmaster, in which that Court interpreted the coverage to require an unauthorized transfer of funds, rather than simply any transfer which involved both a computer and a fraud at some point.

The Fifth Circuit contrasted that requirement with the lengthy chain of events that had resulted in Apache’s loss:

Here, the “computer use” was an email with instructions to change a vendor’s payment information and make “all future payments” to it; the email, with the letter on Petrofac letterhead as an attachment, followed the initial telephone call from the criminals and was sent in response to Apache’s directive to send the request on the vendor’s letterhead.  Once the email was received, an Apache employee called the telephone number provided on the fraudulent letterhead in the attachment to the email, instead of, for example, calling an independently-provided telephone contact for the vendor, such as the pre-existing contact information Apache would have used in past communications.  Doubtless, had the confirmation call been properly directed, or had Apache performed a more thorough investigation, it would never have changed the vendor-payment account information.  Moreover, Apache changed the account information, and the transfers of money to the fraudulent account were initiated by Apache to pay legitimate invoices. 

The Court observed that the authorities generally refuse to extend the scope of the Computer Fraud coverage to situations where the fraudulent transfer is not a direct result of computer use, but rather results from other events.

In concluding that no indemnity was available under the Computer Fraud coverage, the Court held that:

The email was part of the scheme; but, the email was merely incidental to the occurrence of the authorized transfer of money.  To interpret the computer-fraud provision as reaching any fraudulent scheme in which an email communication was part of the process would, as stated in Pestmaster…, convert the computer-fraud provision to one for general fraud.  …  We take judicial notice that, when the policy was issued in 2012, electronic communications were, as they are now, ubiquitous, and even the line between “computer” and “telephone” was already blurred.  In short, few — if any — fraudulent schemes would not involve some form of computer-facilitated communication.  [emphasis added]

Conclusion

The Fifth Circuit’s decision in Apache is broadly significant to the fidelity insurance industry not only because, like Pestmaster, it reaffirms the intended scope of the Computer Fraud coverage, but also because it reinforces the purpose behind insurers’ introduction of discrete social engineering fraud coverage in the last few years, i.e., the lack of coverage for social engineering frauds under traditional computer and funds transfer coverages.

The proliferation of social engineering fraud has undoubtedly exposed insureds to greater risk.  However, insurers have responded by underwriting discrete social engineering fraud coverages.  There is no need for courts to depart from the traditional interpretation of computer fraud and funds transfer fraud coverages in order to address this perceived problem, because a solution is already available.

As a practical matter, Apache confirms that insureds need Social Engineering Fraud coverage for these types of  losses.  The decision provides greater certainty on the part of insureds, insurers and brokers as to the intended scope of each coverage, and makes it easier for all industry participants to ensure that insureds obtain the coverages they require for the types of potential losses that they face.

Apache Corporation v. Great American Insurance Company, 2016 WL 6090901 (5th Cir.)

Leave a comment

Filed under Computer Fraud, Social Engineering Fraud